← volver
CVE-2009-2477

CVE-2009-2477

EPSS 42.7%
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.
Productos afectados
n/a · n/a
PoCs públicas encontradas7
cve_referencewww.exploit-db.com/exploits/40936/no verificadocve_referencewww.exploit-db.com/exploits/9137no verificadocve_referencewww.exploit-db.com/exploits/9181no verificadoexploitdbwww.exploit-db.com/exploits/40936no verificadoexploitdbwww.exploit-db.com/exploits/16299no verificadoexploitdbwww.exploit-db.com/exploits/9214no verificadoexploitdbwww.exploit-db.com/exploits/9137no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/http://isc.sans.org/diary.html?storyid=6796https://bugzilla.mozilla.org/show_bug.cgi?id=503286http://secunia.com/advisories/35798http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1https://www.exploit-db.com/exploits/40936/https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.htmlhttp://voices.washingtonpost.com/securityfix/2009/07/stopgap_fix_for_critical_firef.htmlhttp://www.exploit-db.com/exploits/9137http://www.exploit-db.com/exploits/9181http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761http://www.kb.cert.org/vuls/id/443060